Convert Default Addresses to :fail:

Discussion in 'General Discussion' started by chirpy, Oct 21, 2004.

  1. chirpy

    I just posted this to a thread and thought I'd make it available to anyone who wants to run it on their servers. It changes all Default Addresses (i.e. catchall aliases) for all domains on the server to :fail:

    Code:
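    #!/usr/bin/perl
    use strict;
    use warnings;

    # Rewrite the default address ("*:" line) in every /etc/valiases file to :fail:
    my $dir = "/etc/valiases";
    print "Converting all domain Default Accounts to :fail: ...";
    opendir (my $dh, $dir) or die "Cannot open $dir: $!";
    while (my $file = readdir ($dh)) {
    	# Skip ".", ".." and hidden files, and anything that is not a plain file
    	if ($file =~ /^\./) {next}
    	if (! -f "$dir/$file") {next}
    	# Read the whole alias file into memory before truncating it
    	open (my $in, "<", "$dir/$file") or die "Cannot read $dir/$file: $!";
    	my @data = <$in>;
    	close ($in);
    	open (my $out, ">", "$dir/$file") or die "Cannot write $dir/$file: $!";
    	foreach my $line (@data) {
    		# Every default address line, whatever its destination, becomes :fail:
    		if ($line =~ /^\*\:/) {
    			print $out "*: :fail:\n";
    		} else {
    			print $out $line;
    		}
    	}
    	close ($out) or die "Cannot finish writing $dir/$file: $!";
    }
    closedir ($dh);
    print "Done!\n";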
    
    Use at your own risk. That means, back up /etc/valiases before running it ;)
     
  2. nickn

    Why would you want :fail:? :fail:'s just a bad idea IMO. :blackhole: is the answer. :)
     
  3. chirpy

    Nope, :fail: is definitely the way to go. Here comes my usual answer ;)

    It's been accepted now that, since the use of verify = recipient in exim.conf, it is definitely best to use :fail: now.

    The reasons are:

    1. :blackhole: accepts the email and receives it, then sends it to /dev/null. This wastes your bandwidth and actually breaks the SMTP RFC because you're not notifying the sender that the email is undelivered.

    2. :fail: stops the email from being received, because verify = recipient occurs at the RCPT phase of the SMTP exchange before any data has been received. No bounce is sent, the exchange simply terminates with an SMTP error code. This means much less processing resources on your SMTP server, much less bandwidth (you don't actually receive the email) and you maintain RFC compliance by notifying the sender's SMTP server that the delivery failed (which spammers ignore and real people appreciate if they've made an addressing mistake).
     
  4. chirpy

    Btw, just to back that up - I did extensive research on the use of :blackhole: and :fail: when I wrote the exim Dictionary Attack ACL over here:
    http://www.webumake.com/free/eximdeny.htm

    I also used to think that :blackhole: was best until it was pointed out to me that several months ago the ACLs were changed to use verify = recipient at the RCPT stage. So cynical me went and checked it out and found it to be perfectly true ;)
     
  5. dezignguy

    Heh, chirpy, this seems to come up about once a week... I see why you have your usual answer saved and handy. heh.
     
  6. PWSowner

    It does get asked a lot doesn't it?
     
  7. mr.wonderful

    I looked at your dictionary attack rules, that you recommended, for exim.conf, and found them quite flawed. Your script, however, is another story. It works well to ban the IP; however, it needs to be used properly in exim.conf.

    I will email you later, off this site, and let you know the much better way to use your perl script with exim.conf.
     
  8. chirpy

    I wait with bated breath. It works perfectly well for me and all the people I've installed it for and those that have used it themselves. I did do extensive testing with it, using examples provided by the exim developers.

    Since you're so highly critical of it, I do hope you will have the decency to post the problems with the implementation here as a matter of urgency, since it is so "flawed".
     
    #8 chirpy, Oct 23, 2004
    Last edited: Oct 23, 2004
  9. picoyak

    FWIW, the dictionary rules are working very well for me. I've noticed that among the bogus recipients there are often some valid ones, so along with reducing load, it's helped ditch a bit of spam.

    Why? Chirpy has been generous enough to share his work with everyone here. If you have some addition, then for cryin' out loud, spit it out! :D
     
  10. Valetia

    How do you implement this on a secondary (backup MX) mail server?

    The current version of the ACL doesn't work on such servers, since they don't even have the valias files on them. Help!
     
  11. chirpy

    You cannot implement it for email being queued on a secondary MX server because the email has not reached its final destination. This can only happen on the primary MX server. It's a limitation you have by imposing an additional hop in the mail delivery route by interrupting the direct SMTP delivery from the source.
     
  12. Roy@ENHOST

    I think you have to add extra detection to the script.

    From what I know, this script will also switch the pipings that are required by helpdesk software to :fail:
    You have to use pregmatch regex to check that the destination is not a php, cgi or a binary.
    Hope that helps. :D
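
Roy@ENHOST's point above, as an added example that is not part of the thread and not chirpy's script: a shell version of the conversion that leaves a default address piped to a program untouched and keeps a copy of each file it changes. The pipe test (a destination starting with | or "|), the function names and the sample domains are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not chirpy's script. Assumption: a default address that pipes
# to a program has a destination starting with | or "| after the "*:" key.

# classify_default FILE: print fail, blackhole, pipe, other or none
classify_default() {
    awk '
        /^\*:/ {
            dest = $0
            sub(/^\*:[ \t]*/, "", dest)
            if (dest ~ /^"?[|]/)            kind = "pipe"
            else if (dest ~ /^:fail:/)      kind = "fail"
            else if (dest ~ /^:blackhole:/) kind = "blackhole"
            else                            kind = "other"
        }
        END { print (kind == "" ? "none" : kind) }
    ' "$1"
}

# convert_defaults DIR BACKUP_DIR: set accepting default addresses to :fail:,
# keep a copy of every file it changes, and print how many files were changed.
convert_defaults() {
    cd_dir=$1 cd_backup=$2 cd_changed=0
    mkdir -p "$cd_backup" || return 1
    for cd_file in "$cd_dir"/*; do
        [ -f "$cd_file" ] || continue
        case $(classify_default "$cd_file") in
            blackhole|other) ;;   # still accepts mail for unknown users
            *) continue ;;        # pipe, fail or no default line: untouched
        esac
        cd_name=${cd_file##*/}
        cp -p "$cd_file" "$cd_backup/$cd_name" || return 1
        # Rewrite from the backup copy so the live file keeps owner and mode
        awk '/^\*:/ { print "*: :fail:"; next } { print }' \
            "$cd_backup/$cd_name" > "$cd_file" || return 1
        cd_changed=$((cd_changed + 1))
    done
    echo "$cd_changed"
}

# Constructed sample data: three made-up domains in a scratch directory
demo_dir=$(mktemp -d)
printf '*: :blackhole:\n' > "$demo_dir/a.example"
printf 'help@b.example: bob\n*: "|/home/bob/desk/pipe.php"\n' > "$demo_dir/b.example"
printf 'info@c.example: carol\n*: carol\n' > "$demo_dir/c.example"
echo "changed: $(convert_defaults "$demo_dir" "$demo_dir.bak")"
for demo_file in "$demo_dir"/*; do
    echo "${demo_file##*/}: $(classify_default "$demo_file")"
done
rm -rf "$demo_dir" "$demo_dir.bak"
```

On a real server the arguments would be /etc/valiases and a backup directory outside it, run as root.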
     
  13. chirpy

    Hi Roy,

    I completely agree. It was just thrown together for those that wanted to splat all their domains, as someone asked for it. So they got it ;)
     
  14. XPerties

    You just take this script, place it in a new file on your server and access it to run the script? :confused: :confused: :confused:
     
  15. chirpy

    Yes, basically do this as root on the server:

    pico -w defrep.pl
    (paste in the script from the thread and exit)

    perl defrep.pl

    That should be it.
     
  16. chican0

    I would love to use this script but I have been finding that accounts with multiple email accounts (pop3 accounts), start having problems.

    The primary problem is that the Main Account, the primary email address which is automatically created when the account is created (account username), will no longer accept emails. The system instead returns the following error:

    The only work around I have found is to create a second pop3 mail account and add a forwarder to route mails from the Main Account(username) to the new pop3 account.

    This can be unacceptable for a few customers as some of their preferred email address is that of the Main Account which is automatically created by the system during initial account setup.

    Does anyone know of a way to fix this problem? To set the Default address to :fail: and still receive emails to the Main email Account?
     
  17. chirpy

  18. chican0

    That is just freakin' awesome!

    Thanks Chirpy. You're a definite help.

    I do have a couple of questions... I have been searching this board for that answer for the past hour. Was that little bit of info mentioned in other threads that you know of or is it hardly mentioned at all? I would feel quite helpless if it is in other threads and I just could not manage to find it.

    Also, after running your small script... what would be the easiest way to add the required forwarder for the Default Account email address to work on all domains? Or do I need to go into each cPanel and manually add them?

    And finally, is this a cPanel or Exim bug? If so, any word or information about it being fixed/patched? I do know it has been an issue for a while as I remember running into this issue sometime back but only used the workaround mentioned in my previous post.

    Thanks again for your assistance!
     
  19. chirpy

    1. It's only something that has come to light recently and was posted by rs-freddo hidden in some other threads, so it's easily missed.

    2. You will need to add it manually without more scripting. You could also do it directly in the /etc/valiases/*

    3. It's a feature ;) Basically, it's an artefact of the way that cPanel has created virtual POP3 accounts together with the way the exim delivery system works.
     
  20. RegisterHosting

    Sometimes you need to convert :blackhole: to :fail:
    Use this command in ssh:

    replace :blackhole: :fail: -- /etc/valiases/*
     